Many people take a certified penetration testing or ethical hacking course, but from these courses they learn only the SQL injection attack (very basic). But if a hacker can't find an SQL injection vulnerability in his target, is it then not possible to hack? If it were impossible to hack a web application without SQL injection, there would be no hackers in this world. There are many hacking methods, but they are not getting the real knowledge. Remember, if you want to become a serious hacker, you need to research, find other vulnerabilities and exploit them. And avoid those who wait only for an SQL injection vulnerability and who, if there is no SQLi vulnerability, can't exploit (hack). Web hacking is not a simple thing that people can learn within 1-2 days or from a simple certified penetration testing training. Every hacker has some steps for success. They must pass some stages. But some people do not know all the steps and stages. I hope this course will help you much. This course will cover the complete "Web Hacking".
---------------------------------------------------------------------------------------------------
1. Understanding Web Application Defense:
1.1. Authentication.
1.2. Session Management.
1.3. Access Control.
1.4. Input Handling.
1.5. Error Handling.
1.6. Boundary Validation.
1.7. Security Alerting.
Note: You will learn the web attack methods too.
2. Understanding How Web Applications Work (Technologies):
2.1. HTTP Protocol.
2.2. HTTP Methods.
2.3. Headers.
2.4. Status Codes.
2.5. Cookies.
2.6. Authentication.
2.7. Web Functionality for Server (ASP, PHP).
2.8. Web Functionality for Client Side (HTML, Forms etc.).
2.9. Encoding.
3. Information Gathering or Enumeration:
3.1. Spidering.
3.2. Hidden Content.
3.2.1. Leveraging the Web Server.
3.2.2. Brute Forces.
3.2.3. Comment.
3.3. Public Information.
3.4. Hidden Parameters.
3.5. Finding User Input Point.
3.6. Identifying Server-side Technologies.
3.6.1. Fingerprinting.
3.6.2. File Extensions.
3.6.3. Banner Grabbing.
3.6.4. Directory.
3.7. Information Gathering by Search Engine.
3.8. Planning the Attack.
4. Breaking Authentication:
4.1. Basic Idea of Authentication.
4.2. Design Flaws.
4.2.1. Weak Password.
4.2.2. Guessable Password.
4.2.3. Password Change Vulnerability.
4.2.4. Non-Unique Usernames.
4.2.5. Usernames Prediction.
4.2.5. Verbose Failure Messages.
4.6. Storage of Credentials Vulnerability.
4.7. Brute Forces.
4.8. Predictable Usernames.
Note: Some content is secret.
6. Attacking Session:
6.1. Meaningful Tokens.
6.2. Session Prediction.
6.3. Liberal Cookie.
6.3.1. Cookie Domain Restrictions.
6.3.2. Cookie Path.
6.4. Mapping of Tokens to Sessions.
6.5. Predictable Tokens.
6.5.1. Time Dependency.
6.5.2. Random Number.
7.5. File Inclusion.
7.5.1. Basic Understanding of File Inclusion.
7.5.2. Remote File Inclusion.
7.5.3. Local File Inclusion.
7.5.4. Finding File Inclusion Bug and Exploiting.
7.6. Exploiting SMTP Vulnerability.
7.7. Buffer Overflow.
7.8. Script Injection Attack.
7.8.1. Perl.
7.8.2. ASP.
7.8.3. PHP.
7.9. LDAP Injection.
7.10. File Uploading.
And more....
7. Path Traversal.
7.1. What Is It.
7.2. Finding Vulnerability.
7.3. Exploiting Path Traversal.
7. Attacking Client:
7.1. XSS.
7.1.1. Understanding XSS.
7.1.2. Reflected XSS Vulnerability and Exploiting.
7.1.3. Stored XSS Vulnerability and Exploiting.
7.1.4. DOM-Based XSS.
7.1.5. XSS Payload.
7.1.5.1. ------
7.1.5.2. ------
7.1.5.3. -------
7.3. Session Fixations.
7.4. Frame Injection.
7.5. JSON Hacking.
7.6. Local Privacy Attacks.
7.6.1. Persistent Cookies.
7.6.2. Browser History.
7.6.3. Autocomplete.
Note: Some content is secret.
9.1.3. Detecting the Vulnerability.
9.2. Format String Vulnerability.
9.2.1. Finding the Vulnerabilities.
Special Offer: You will be provided, free of charge, with a professional tool that costs 3000$-6000$.
---------------------------